Vulnerability Details : CVE-2010-3280
The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2010-3280
Probability of exploitation activity in the next 30 days: 1.31%
Percentile, the proportion of vulnerabilities that are scored at or less: ~84%
CVSS scores for CVE-2010-3280
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9 | MEDIUM | AV:A/AC:M/Au:N/C:C/I:P/A:P | 5.5 | 8.5 | NIST |
CWE ids for CVE-2010-3280
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3280
- http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61920
  Alcatel-Lucent OmniTouch Contact Center call center information disclosure CVE-2010-3280 Vulnerability Report
- http://www.vupen.com/english/advisories/2010/2459
  Vendor Advisory
- http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf
  Vendor Advisory
- http://www.securityfocus.com/archive/1/513869
  SecurityFocus
- http://www.securityfocus.com/bid/43340
  Alcatel-Lucent OmniTouch Contact Center Security Bypass and Information Disclosure Vulnerabilities
Products affected by CVE-2010-3280
- cpe:2.3:a:alcatel-lucent:ccagent:*:*:*:*:*:*:*:*
- cpe:2.3:a:alcatel-lucent:ccagent:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:alcatel-lucent:omnitouch_contact_center:-:-:std:*:*:*:*:*